[prev in list] [next in list] [prev in thread] [next in thread] 

List:       samba
Subject:    Re: [Samba] [PATCH] Re:  Samba 4, Winbind & RFC2307
From:       Andrew Bartlett <abartlet () samba ! org>
Date:       2012-12-26 21:18:47
Message-ID: 1356556727.19694.240.camel () jesse ! tura ! abartlet ! net
[Download RAW message or body]

On Wed, 2012-12-26 at 21:18 +0100, "Dr. Hansjörg Maurer" wrote:
> Hi Andrew
> 
> 
> Am 26.12.2012 10:54, schrieb Andrew Bartlett: 
> > 
> > Attached is an interim patch.  Before we get this into master, I need to
> > write a series of tests, because having this code untested is just
> > causing us trouble.
> > 
> > However, the attached should work, and so I would appreciate some
> > testing if you have time. 
> unfortunately your patch did not solve the problem.
> I found a second appearance of posixAccount and posixGroup in idmap.c
> and removed it
> and after that it works

Thanks!

Once I get some tests in, I'll propose this again, but at least now we
have a solution for you. 

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org


["0001-s4-idmap-Remove-requirement-that-posixAccount-or-pos.patch" (0001-s4-idmap-Remove-requirement-that-posixAccount-or-pos.patch)]

From 86df402e372fd0c945ad9b4684a48704090c38ce Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Wed, 26 Dec 2012 20:48:12 +1100
Subject: [PATCH] s4-idmap: Remove requirement that posixAccount or posixGroup
 be set for rfc2307

This change matches the source3/idmap/idmap_ad.c code, and allows this
feature to work with only the setting of the UID/GID in Active
Directory Users and Computers.

Andrew Bartlett
---
 source4/winbind/idmap.c | 9 +++------
 1 file changed, 3 insertions(+), 6 deletions(-)

diff --git a/source4/winbind/idmap.c b/source4/winbind/idmap.c
index a6cc88f..3773c1d 100644
--- a/source4/winbind/idmap.c
+++ b/source4/winbind/idmap.c
@@ -236,8 +236,7 @@ static NTSTATUS idmap_xid_to_sid(struct idmap_context *idmap_ctx,
 						      LDB_SCOPE_SUBTREE,
 						      sam_attrs, 0,
 						      "(&(|(sAMaccountType=%u)(sAMaccountType=%u)(sAMaccountType=%u))"
-						      "(uidNumber=%u)(objectSid=*)"
-						      "(|(objectClass=posixAccount)(objectClass=posixGroup)))",
+						      "(uidNumber=%u)(objectSid=*))",
 						      ATYPE_ACCOUNT, ATYPE_WORKSTATION_TRUST, ATYPE_INTERDOMAIN_TRUST, unixid->id);
 			} else {
 				/* If we are not to use the rfc2307 attributes, we just emulate a non-match */
@@ -274,8 +273,7 @@ static NTSTATUS idmap_xid_to_sid(struct idmap_context *idmap_ctx,
 						      ldb_get_default_basedn(idmap_ctx->samdb),
 						      LDB_SCOPE_SUBTREE,
 						      sam_attrs, 0,
-						      "(&(|(sAMaccountType=%u)(sAMaccountType=%u))(gidNumber=%u)"
-						      "(|(objectClass=posixAccount)(objectClass=posixGroup)))",
+						      "(&(|(sAMaccountType=%u)(sAMaccountType=%u))(gidNumber=%u))",
 						      ATYPE_SECURITY_GLOBAL_GROUP, ATYPE_SECURITY_LOCAL_GROUP,
 						      unixid->id);
 			} else {
@@ -439,8 +437,7 @@ static NTSTATUS idmap_sid_to_xid(struct idmap_context *idmap_ctx,
 				      "(&(objectSid=%s)"
 				      "(|(sAMaccountType=%u)(sAMaccountType=%u)(sAMaccountType=%u)"
 				      "(sAMaccountType=%u)(sAMaccountType=%u))"
-				      "(|(uidNumber=*)(gidNumber=*))"
-				      "(|(objectClass=posixAccount)(objectClass=posixGroup)))",
+				      "(|(uidNumber=*)(gidNumber=*)))",
 				      dom_sid_string(tmp_ctx, sid),
 				      ATYPE_ACCOUNT, ATYPE_WORKSTATION_TRUST, ATYPE_INTERDOMAIN_TRUST,
 				      ATYPE_SECURITY_GLOBAL_GROUP, ATYPE_SECURITY_LOCAL_GROUP);
-- 
1.7.11.7



-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[prev in list] [next in list] [prev in thread] [next in thread]